This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 0%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hi,
Since we updated SCOM 2019 to UR4 the UNIX agent installs stopped working. The error relates to the Sudoer file.
Someone has suggested tweaking the Sudoers regex to support the new agent version 1.6.10-1 since it’s the first version to include 2 digit numbers.
The new agent version is scx-1.6.10.1
The old agent version is scx-1.6.8.1
In the Sudoers file it has scx-1.[5-9].[0-9][0-9]-[0-9].sh.
Please could someone advise what the regex tweak is?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 48%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
In specific answer to your question, the issue is the '.'- vs the '.'
Iscx-1.[5-9].[0-9][0-9]-[0-9].sh vs.
scx-1.[5-9].[0-9][0-9].[0-9].sh
For it to match: scx-1.6.10**.**1
If you're using Kevin Holman's line: scx-1.[5-9].[0-9]-[0-9][0-9][0-9].universal[[:alpha:]].[[:digit:]].x[6-8][4-6].sh
Just add a '+'
scx-1.[5-9].[0-9]+-[0-9][0-9][0-9].universal[[:alpha:]].[[:digit:]].x[6-8][4-6].sh
HI
There is a discussion on Reddit about this issue which might help:
https://www.reddit.com/r/scom/comments/wfdgfy/linux_agent_upgrade_issuefailing_to_discover/
Do you have FIPS enabled?
Is this RHEL 8 Linux servers?
proulxbear has posted:
There is also a new set of Linux management packs due to the found vulnerability in the omi package:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33640
Cheers
Graham
Hi Graham,
Thanks for the response.
They are mainly RHEL 7.9 devices and FIPS is not enabled.
After importing the latest UNIX Management pack in June, the Agent Push job from the SCOM console stopped working for a clean install. We were getting the below error:
Failed to install kit. Exit code: 1
Standard Output: Sudo path: /usr/bin/
Standard Error: sudo: no tty present and no askpass program specified
It only works when we manually deploy the old agent to the UNIX device. Then upgrade the agent from the SCOM console. However the new agent version shows in the SCOM console, but on the device it still has the old version.
Looking at the error, it seems that it could be the sudoer file.
In specific answer to your question, the regex is off:
scx-1.6.10.1
scx-1.[5-9].[0-9][0-9]-[0-9].sh.
The '-' should be a '.'
scx-1.[5-9].[0-9][0-9].[0-9].sh.
If you're using Kevin Holman's sudoer's line, then adding that extra [0-9] (like you did), should work for the versioning.
scxmaint ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-scxmaint/scx-1.[5-9].[0-9]-[0-9][0-9][0-9].universal[[:alpha:]].[[:digit:]].x[6-8][4-6].sh --install; EC=$?; cd /tmp; rm -rf /tmp/scx-scxmaint; exit $EC
vs.
scxmaint ALL=(root) NOPASSWD: /bin/sh -c sh /tmp/scx-scxmaint/scx-1.[5-9].[0-9][0-9]-[0-9][0-9][0-9].universal[[:alpha:]].[[:digit:]].x[6-8][4-6].sh --install; EC=$?; cd /tmp; rm -rf /tmp/scx-scxmaint; exit $EC